Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google/Bing Search Results redirecting


  • This topic is locked This topic is locked
4 replies to this topic

#1 Sir_Porkus

Sir_Porkus

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 03 July 2011 - 04:51 PM

Avast keeps coming up with mailicous URL Blocked.
The IP addresses it reports as Malware are 64.111.211.158 and 64.11.211.165

I've run just about every malware scanner/remover I can find and still I keep getting redirects and the avast warning. I've tried following the advice in other posts here and have had no success so I am opening up this post in hopes that someone has encountered this.

Here is the DDS.txt
I will append the gmer log later since the last time I tried to run it IT locked up.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Ali at 17:34:13 on 2011-07-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1026 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\ali\appdata\roaming\micros~1\windows\startm~1\programs\startup\epsona~1.lnk - d:\common\epsonreg\EpsonReg.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{40CCC401-BF30-41D6-92F3-851364DB5B8C} : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{EDDC1228-5F4A-4D15-BA20-0A3679D7246A} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EDDC1228-5F4A-4D15-BA20-0A3679D7246A}\05B4341353 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EDDC1228-5F4A-4D15-BA20-0A3679D7246A}\16C66627564676C6F667562713 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EDDC1228-5F4A-4D15-BA20-0A3679D7246A}\16C696370246C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EDDC1228-5F4A-4D15-BA20-0A3679D7246A}\37472716772656272797F616B65637 : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{EDDC1228-5F4A-4D15-BA20-0A3679D7246A}\46C696E6B6 : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{EDDC1228-5F4A-4D15-BA20-0A3679D7246A}\86967686C616E646F526F6F6379737 : DhcpNameServer = 68.87.71.226 68.87.71.242 192.168.1.1
TCP: Interfaces\{EDDC1228-5F4A-4D15-BA20-0A3679D7246A}\A4F686E60216E64602C496A7723702E4564777F627B6 : DhcpNameServer = 10.0.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ali\appdata\roaming\mozilla\firefox\profiles\xmpgz8o2.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-1 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-17 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-17 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-17 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-17 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-1 42184]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-9-17 7680]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-9-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-26 135664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-1 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-26 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-17 171520]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-8 1343400]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-07-02 13:53:56 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-02 13:45:52 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-02 13:18:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-02 13:17:03 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-04 04:53:10 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57:34 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57:21 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
============= FINISH: 17:36:49.00 ===============

I have attached GMER log as ark.zip

Attached Files


Edited by Sir_Porkus, 03 July 2011 - 05:43 PM.


BC AdBot (Login to Remove)

 


#2 Sir_Porkus

Sir_Porkus
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 03 July 2011 - 07:39 PM

Here are the results of the GMER scan

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-03 18:41:14
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK3263GSX rev.FG020M
Running: gmer.exe; Driver: C:\Users\Ali\AppData\Local\Temp\kwtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90A26202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x910A5CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90A2881C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90A28874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90A2898A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90A28772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x90A288C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90A287C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90A28938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90A26226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x910A5D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90A25FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90A2624A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90A28D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90A26CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90A2884C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90A2889C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90A289B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90A2879E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90A28904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90A287F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90A28962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x910A5DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90A26BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90A2626E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90A26292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90A2604A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90A26186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90A26162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90A261AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90A262B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x910BB902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8304D569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83072092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 83079824 4 Bytes [02, 62, A2, 90] {ADD AH, [EDX-0x5e]; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 8307984C 4 Bytes [B2, 5C, 0A, 91]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 83079900 8 Bytes [1C, 88, A2, 90, 74, 88, A2, ...] {SBB AL, 0x88; MOV [0xa2887490], AL; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 8307990C 4 Bytes [8A, 89, A2, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 83079928 4 Bytes [72, 87, A2, 90]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 832132CC 5 Bytes JMP 910B72BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8322D003 5 Bytes JMP 910B8D74 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 832775CA 4 Bytes CALL 90A2734B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8327F6A4 4 Bytes CALL 90A27361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 832E52EC 7 Bytes JMP 910BB906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AF2F000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AF74000, 0x3DC, 0x48000040]
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x97809000, 0x2D5526, 0xE8000020]
.text win32k.sys!EngMultiByteToUnicodeN + 7231 9A71987A 5 Bytes JMP 90A29342 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngIsSemaphoreOwned + 8A1B 9A7308AA 5 Bytes JMP 90A2946C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + C12F 9A75172E 5 Bytes JMP 90A29E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3322 9A764F4F 5 Bytes JMP 90A28F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4027 9A765C54 5 Bytes JMP 90A29C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 177B 9A76B585 5 Bytes JMP 90A29352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 79DD 9A787AE0 5 Bytes JMP 90A28FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 86C4 9A7887C7 5 Bytes JMP 90A28E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 92B4 9A7893B7 5 Bytes JMP 90A291AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + A5D0 9A7A41B4 5 Bytes JMP 90A29B90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + C985 9A7A6569 5 Bytes JMP 90A28DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 56E 9A7AFBAD 5 Bytes JMP 90A29BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 5201 9A7B4840 5 Bytes JMP 90A2A040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 6119 9A7C7A52 5 Bytes JMP 90A28E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1AE86 9A7DC7BF 5 Bytes JMP 90A29C1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_bEnum + 9788 9A7EFCBC 5 Bytes JMP 90A29114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26C1 9A7F7D9A 5 Bytes JMP 90A29EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bPolyBezierTo + F8 9A80B815 5 Bytes JMP 90A290DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAcquireSemaphoreSharedNoWait + 1F5A 9A81B864 5 Bytes JMP 90A29F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + EB5 9A84626F 5 Bytes JMP 90A29034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetCurrentGamma + 1C6C 9A84A27E 5 Bytes JMP 90A2906A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetPointerShape + C86 9A84CF34 5 Bytes JMP 90A29D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_cEnumStart + 6D0F 9A855C35 5 Bytes JMP 90A28F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Users\Ali\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\Users\Ali\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text user32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes [E9, 88, 3D, 3C, 8A] {JMP 0xffffffff8a3c3d8d}
.text user32.dll!UnhookWinEvent 75E4D924 5 Bytes [E9, D3, 2A, 3C, 8A] {JMP 0xffffffff8a3c2ad8}
.text user32.dll!SetWindowsHookExW 75E5210A 5 Bytes [E9, F5, E6, 3B, 8A] {JMP 0xffffffff8a3be6fa}
.text user32.dll!SetWinEventHook 75E5507E 5 Bytes [E9, 75, B1, 3B, 8A] {JMP 0xffffffff8a3bb17a}
.text user32.dll!SetWindowsHookExA 75E76DFA 5 Bytes [E9, 01, 98, 39, 8A] {JMP 0xffffffff8a399806}
.text kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[204] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[204] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[204] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[204] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 003B0A08
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[204] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 003B03FC
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[204] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 003B0804
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[204] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 003B01F8
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[204] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[312] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[312] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[312] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[312] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 002E0A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[312] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002E03FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[312] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 002E0804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[312] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002E01F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[312] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 002E0600
.text C:\windows\system32\csrss.exe[416] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\wininit.exe[488] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000303FC
.text C:\windows\system32\wininit.exe[488] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000301F8
.text C:\windows\system32\wininit.exe[488] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\wininit.exe[488] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00050A08
.text C:\windows\system32\wininit.exe[488] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000503FC
.text C:\windows\system32\wininit.exe[488] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00050804
.text C:\windows\system32\wininit.exe[488] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000501F8
.text C:\windows\system32\wininit.exe[488] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00050600
.text C:\windows\system32\csrss.exe[500] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\services.exe[544] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\services.exe[544] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\services.exe[544] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\lsass.exe[560] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\lsass.exe[560] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\lsass.exe[560] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\lsm.exe[568] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000A03FC
.text C:\windows\system32\lsm.exe[568] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000A01F8
.text C:\windows\system32\lsm.exe[568] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\winlogon.exe[628] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000303FC
.text C:\windows\system32\winlogon.exe[628] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000301F8
.text C:\windows\system32\winlogon.exe[628] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\winlogon.exe[628] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 000C0A08
.text C:\windows\system32\winlogon.exe[628] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000C03FC
.text C:\windows\system32\winlogon.exe[628] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 000C0804
.text C:\windows\system32\winlogon.exe[628] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000C01F8
.text C:\windows\system32\winlogon.exe[628] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 000C0600
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[672] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[672] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[672] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[672] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00080A08
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[672] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000803FC
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[672] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00080804
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[672] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000801F8
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[672] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00080600
.text C:\windows\system32\svchost.exe[744] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[744] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[744] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\atiesrxx.exe[884] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\windows\system32\atiesrxx.exe[884] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\windows\system32\atiesrxx.exe[884] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\atiesrxx.exe[884] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 001F0A08
.text C:\windows\system32\atiesrxx.exe[884] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001F03FC
.text C:\windows\system32\atiesrxx.exe[884] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 001F0804
.text C:\windows\system32\atiesrxx.exe[884] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001F01F8
.text C:\windows\system32\atiesrxx.exe[884] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 001F0600
.text C:\windows\system32\svchost.exe[916] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[916] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[916] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[920] KERNEL32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\System32\svchost.exe[960] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[960] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\System32\svchost.exe[960] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00200A08
.text C:\windows\System32\svchost.exe[960] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002003FC
.text C:\windows\System32\svchost.exe[960] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00200804
.text C:\windows\System32\svchost.exe[960] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002001F8
.text C:\windows\System32\svchost.exe[960] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00200600
.text C:\windows\System32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1008] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\System32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00950A08
.text C:\windows\System32\svchost.exe[1008] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 009503FC
.text C:\windows\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00950804
.text C:\windows\System32\svchost.exe[1008] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 009501F8
.text C:\windows\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00950600
.text C:\windows\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 009F0A08
.text C:\windows\system32\svchost.exe[1040] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 009F03FC
.text C:\windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 009F0804
.text C:\windows\system32\svchost.exe[1040] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 009F01F8
.text C:\windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 009F0600
.text C:\windows\system32\wuauclt.exe[1048] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000703FC
.text C:\windows\system32\wuauclt.exe[1048] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000701F8
.text C:\windows\system32\wuauclt.exe[1048] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\wuauclt.exe[1048] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00090A08
.text C:\windows\system32\wuauclt.exe[1048] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000903FC
.text C:\windows\system32\wuauclt.exe[1048] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00090804
.text C:\windows\system32\wuauclt.exe[1048] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000901F8
.text C:\windows\system32\wuauclt.exe[1048] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00090600
.text C:\windows\system32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000A03FC
.text C:\windows\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000A01F8
.text C:\windows\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00410A08
.text C:\windows\system32\svchost.exe[1144] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 004103FC
.text C:\windows\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00410804
.text C:\windows\system32\svchost.exe[1144] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 004101F8
.text C:\windows\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00410600
.text C:\Windows\system32\TODDSrv.exe[1180] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Windows\system32\TODDSrv.exe[1180] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Windows\system32\TODDSrv.exe[1180] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Windows\system32\TODDSrv.exe[1180] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\TODDSrv.exe[1180] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\TODDSrv.exe[1180] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\TODDSrv.exe[1180] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\TODDSrv.exe[1180] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 001F0600
.text C:\windows\system32\svchost.exe[1288] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1288] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\svchost.exe[1288] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00460A08
.text C:\windows\system32\svchost.exe[1288] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 004603FC
.text C:\windows\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00460804
.text C:\windows\system32\svchost.exe[1288] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 004601F8
.text C:\windows\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00460600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1384] kernel32.dll!SetUnhandledExceptionFilter 75D63162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1384] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1700] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\System32\spoolsv.exe[1700] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\System32\spoolsv.exe[1700] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1700] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00140A08
.text C:\windows\System32\spoolsv.exe[1700] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001403FC
.text C:\windows\System32\spoolsv.exe[1700] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00140804
.text C:\windows\System32\spoolsv.exe[1700] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001401F8
.text C:\windows\System32\spoolsv.exe[1700] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00140600
.text C:\windows\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\svchost.exe[1732] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00150A08
.text C:\windows\system32\svchost.exe[1732] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001503FC
.text C:\windows\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00150804
.text C:\windows\system32\svchost.exe[1732] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001501F8
.text C:\windows\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00150600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00100600
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1876] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1876] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1876] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1876] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00230A08
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1876] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002303FC
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1876] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00230804
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1876] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002301F8
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1876] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00230600
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1908] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1908] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1908] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1908] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 01350A08
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1908] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 013503FC
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1908] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 01350804
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1908] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 013501F8
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1908] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 01350600
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1992] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1992] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1992] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1992] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00920A08
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1992] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 009203FC
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1992] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00920804
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1992] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 009201F8
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[1992] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00920600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2044] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2044] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2044] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2044] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00140A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2044] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2044] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00140804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2044] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2044] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00140600
.text C:\windows\system32\SearchIndexer.exe[2100] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\SearchIndexer.exe[2100] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\SearchIndexer.exe[2100] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\SearchIndexer.exe[2100] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00100A08
.text C:\windows\system32\SearchIndexer.exe[2100] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001003FC
.text C:\windows\system32\SearchIndexer.exe[2100] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00100804
.text C:\windows\system32\SearchIndexer.exe[2100] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001001F8
.text C:\windows\system32\SearchIndexer.exe[2100] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2152] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2152] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2152] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2152] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2152] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2152] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2152] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2152] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00090600
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00330A08
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 003303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!CreateWindowExW 75E50E51 5 Bytes JMP 6C748187 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00330804
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 003301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!DialogBoxIndirectParamW 75E74AA7 5 Bytes JMP 6C870240 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!DialogBoxParamW 75E7564A 5 Bytes JMP 6C664B87 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00330600
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!DialogBoxParamA 75E8CF6A 5 Bytes JMP 6C8701DD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!DialogBoxIndirectParamA 75E8D29C 5 Bytes JMP 6C8702A3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!MessageBoxIndirectA 75E9E8C9 5 Bytes JMP 6C870172 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!MessageBoxIndirectW 75E9E9C3 5 Bytes JMP 6C870107 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!MessageBoxExA 75E9EA29 5 Bytes JMP 6C8700A5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!MessageBoxExW 75E9EA4D 5 Bytes JMP 6C870043 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] WININET.dll!HttpAddRequestHeadersA 76F29ABA 5 Bytes JMP 003C6A90
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] WININET.dll!HttpAddRequestHeadersW 76F30848 5 Bytes JMP 003C6C90
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] WS2_32.dll!closesocket 755A3BED 5 Bytes JMP 0049000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] WS2_32.dll!recv 755A47DF 5 Bytes JMP 0047000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] WS2_32.dll!connect 755A48BE 5 Bytes JMP 0048000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] WS2_32.dll!getaddrinfo 755A6737 5 Bytes JMP 004C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] WS2_32.dll!send 755AC4C8 5 Bytes JMP 004A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] WS2_32.dll!gethostbyname 755B7133 5 Bytes JMP 004B000A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2460] KERNEL32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00330A08
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 003303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!CreateWindowExW 75E50E51 5 Bytes JMP 6C748187 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00330804
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 003301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!DialogBoxIndirectParamW 75E74AA7 5 Bytes JMP 6C870240 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!DialogBoxParamW 75E7564A 5 Bytes JMP 6C664B87 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00330600
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!DialogBoxParamA 75E8CF6A 5 Bytes JMP 6C8701DD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!DialogBoxIndirectParamA 75E8D29C 5 Bytes JMP 6C8702A3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!MessageBoxIndirectA 75E9E8C9 5 Bytes JMP 6C870172 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!MessageBoxIndirectW 75E9E9C3 5 Bytes JMP 6C870107 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!MessageBoxExA 75E9EA29 5 Bytes JMP 6C8700A5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] USER32.dll!MessageBoxExW 75E9EA4D 5 Bytes JMP 6C870043 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] WININET.dll!HttpAddRequestHeadersA 76F29ABA 5 Bytes JMP 00436A90
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] WININET.dll!HttpAddRequestHeadersW 76F30848 5 Bytes JMP 00436C90
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] WS2_32.dll!closesocket 755A3BED 5 Bytes JMP 00A6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] WS2_32.dll!recv 755A47DF 5 Bytes JMP 0059000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] WS2_32.dll!connect 755A48BE 5 Bytes JMP 005A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] WS2_32.dll!getaddrinfo 755A6737 5 Bytes JMP 00A9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] WS2_32.dll!send 755AC4C8 5 Bytes JMP 00A7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2504] WS2_32.dll!gethostbyname 755B7133 5 Bytes JMP 00A8000A
.text C:\windows\system32\Dwm.exe[2544] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\Dwm.exe[2544] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\Dwm.exe[2544] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\Dwm.exe[2544] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00080A08
.text C:\windows\system32\Dwm.exe[2544] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000803FC
.text C:\windows\system32\Dwm.exe[2544] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00080804
.text C:\windows\system32\Dwm.exe[2544] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000801F8
.text C:\windows\system32\Dwm.exe[2544] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00080600
.text C:\windows\Explorer.EXE[2556] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\Explorer.EXE[2556] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\Explorer.EXE[2556] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\Explorer.EXE[2556] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00150A08
.text C:\windows\Explorer.EXE[2556] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001503FC
.text C:\windows\Explorer.EXE[2556] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00150804
.text C:\windows\Explorer.EXE[2556] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001501F8
.text C:\windows\Explorer.EXE[2556] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00150600
.text C:\windows\system32\taskhost.exe[2568] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000503FC
.text C:\windows\system32\taskhost.exe[2568] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000501F8
.text C:\windows\system32\taskhost.exe[2568] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\taskhost.exe[2568] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 000E0A08
.text C:\windows\system32\taskhost.exe[2568] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000E03FC
.text C:\windows\system32\taskhost.exe[2568] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 000E0804
.text C:\windows\system32\taskhost.exe[2568] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000E01F8
.text C:\windows\system32\taskhost.exe[2568] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 000E0600
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00130A08
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!CreateWindowExW 75E50E51 5 Bytes JMP 6C748187 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00130804
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!DialogBoxIndirectParamW 75E74AA7 5 Bytes JMP 6C870240 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!DialogBoxParamW 75E7564A 5 Bytes JMP 6C664B87 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00130600
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!DialogBoxParamA 75E8CF6A 5 Bytes JMP 6C8701DD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!DialogBoxIndirectParamA 75E8D29C 5 Bytes JMP 6C8702A3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!MessageBoxIndirectA 75E9E8C9 5 Bytes JMP 6C870172 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!MessageBoxIndirectW 75E9E9C3 5 Bytes JMP 6C870107 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!MessageBoxExA 75E9EA29 5 Bytes JMP 6C8700A5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!MessageBoxExW 75E9EA4D 5 Bytes JMP 6C870043 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!HttpAddRequestHeadersA 76F29ABA 5 Bytes JMP 00306A90
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!HttpAddRequestHeadersW 76F30848 5 Bytes JMP 00306C90
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!closesocket 755A3BED 5 Bytes JMP 0061000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!recv 755A47DF 5 Bytes JMP 005B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!connect 755A48BE 5 Bytes JMP 0060000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!getaddrinfo 755A6737 5 Bytes JMP 0075000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!send 755AC4C8 5 Bytes JMP 0062000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!gethostbyname 755B7133 5 Bytes JMP 0074000A
.text C:\Program Files\iPod\bin\iPodService.exe[2832] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\iPod\bin\iPodService.exe[2832] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\iPod\bin\iPodService.exe[2832] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2832] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\iPod\bin\iPodService.exe[2832] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001003FC
.text C:\Program Files\iPod\bin\iPodService.exe[2832] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00100804
.text C:\Program Files\iPod\bin\iPodService.exe[2832] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001001F8
.text C:\Program Files\iPod\bin\iPodService.exe[2832] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00100600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2908] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2908] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2908] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2908] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 001A0A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2908] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001A03FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2908] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 001A0804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2908] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001A01F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2908] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 001A0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 001F0600
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2976] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2976] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2976] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2976] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00330A08
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2976] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 003303FC
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2976] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00330804
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2976] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 003301F8
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2976] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00330600
.text C:\windows\system32\wbem\unsecapp.exe[3016] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3020] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3020] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3020] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3020] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3020] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001F03FC
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3020] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 001F0804
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3020] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001F01F8
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3020] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 001F0600
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3056] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3056] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3056] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3056] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00180A08
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3056] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001803FC
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3056] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00180804
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3056] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001801F8
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3056] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00180600
.text C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe[3104] KERNEL32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\AUDIODG.EXE[3120] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3136] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3136] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3136] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3136] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00230A08
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3136] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002303FC
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3136] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00230804
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3136] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002301F8
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3136] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00230600
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3160] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3160] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3160] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3160] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00270A08
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3160] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002703FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3160] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00270804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3160] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002701F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3160] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00270600
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 6C7583AA C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!CallNextHookEx 75E4CC8F 5 Bytes JMP 6C739D94 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!CreateWindowExW 75E50E51 5 Bytes JMP 6C748187 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 6C6F460B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxIndirectParamW 75E74AA7 5 Bytes JMP 6C870240 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxParamW 75E7564A 5 Bytes JMP 6C664B87 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00230600
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxParamA 75E8CF6A 5 Bytes JMP 6C8701DD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxIndirectParamA 75E8D29C 5 Bytes JMP 6C8702A3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxIndirectA 75E9E8C9 5 Bytes JMP 6C870172 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxIndirectW 75E9E9C3 5 Bytes JMP 6C870107 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxExA 75E9EA29 5 Bytes JMP 6C8700A5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxExW 75E9EA4D 5 Bytes JMP 6C870043 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] ole32.dll!OleLoadFromStream 76025BF6 5 Bytes JMP 6C87059E C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] ole32.dll!CoCreateInstance 7607590C 5 Bytes JMP 6C748C75 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] WININET.dll!HttpAddRequestHeadersA 76F29ABA 5 Bytes JMP 009F6A90
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] WININET.dll!HttpAddRequestHeadersW 76F30848 5 Bytes JMP 009F6C90
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] WS2_32.dll!closesocket 755A3BED 5 Bytes JMP 004E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] WS2_32.dll!recv 755A47DF 5 Bytes JMP 004C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] WS2_32.dll!connect 755A48BE 5 Bytes JMP 004D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] WS2_32.dll!getaddrinfo 755A6737 5 Bytes JMP 0051000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] WS2_32.dll!send 755AC4C8 5 Bytes JMP 004F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] WS2_32.dll!gethostbyname 755B7133 5 Bytes JMP 0050000A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3388] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3388] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3388] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3388] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3388] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002103FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3388] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00210804
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3388] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002101F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3388] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00210600
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3436] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3436] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3436] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3436] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3436] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000F03FC
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3436] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 000F0804
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3436] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3436] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 000F0600
.text C:\Program Files\iTunes\iTunesHelper.exe[3552] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3552] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3552] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3552] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3552] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000F03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3552] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 000F0804
.text C:\Program Files\iTunes\iTunesHelper.exe[3552] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000F01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3552] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3560] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3600] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3600] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3600] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3600] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00310A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3600] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3600] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00310804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3600] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 003101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3600] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00310600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3616] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3616] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3616] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3616] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3616] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3616] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 001F0804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3616] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3616] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 001F0600
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3636] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3636] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3636] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3636] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3636] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000F03FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3636] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 000F0804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3636] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000F01F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3636] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 000F0600
.text C:\Users\Ali\Desktop\gmer.exe[3676] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Users\Ali\Desktop\gmer.exe[3676] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Users\Ali\Desktop\gmer.exe[3676] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Users\Ali\Desktop\gmer.exe[3676] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00210A08
.text C:\Users\Ali\Desktop\gmer.exe[3676] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002103FC
.text C:\Users\Ali\Desktop\gmer.exe[3676] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00210804
.text C:\Users\Ali\Desktop\gmer.exe[3676] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002101F8
.text C:\Users\Ali\Desktop\gmer.exe[3676] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00210600
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 6C7583AA C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!CallNextHookEx 75E4CC8F 5 Bytes JMP 6C739D94 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!CreateWindowExW 75E50E51 5 Bytes JMP 6C748187 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 6C6F460B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxIndirectParamW 75E74AA7 5 Bytes JMP 6C870240 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxParamW 75E7564A 5 Bytes JMP 6C664B87 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00130600
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxParamA 75E8CF6A 5 Bytes JMP 6C8701DD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!DialogBoxIndirectParamA 75E8D29C 5 Bytes JMP 6C8702A3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxIndirectA 75E9E8C9 5 Bytes JMP 6C870172 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxIndirectW 75E9E9C3 5 Bytes JMP 6C870107 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxExA 75E9EA29 5 Bytes JMP 6C8700A5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] USER32.dll!MessageBoxExW 75E9EA4D 5 Bytes JMP 6C870043 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] ole32.dll!OleLoadFromStream 76025BF6 5 Bytes JMP 6C87059E C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] ole32.dll!CoCreateInstance 7607590C 5 Bytes JMP 6C748C75 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] WININET.dll!HttpAddRequestHeadersA 76F29ABA 5 Bytes JMP 00436A90
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] WININET.dll!HttpAddRequestHeadersW 76F30848 5 Bytes JMP 00436C90
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] WS2_32.dll!closesocket 755A3BED 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] WS2_32.dll!recv 755A47DF 5 Bytes JMP 0034000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] WS2_32.dll!connect 755A48BE 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] WS2_32.dll!getaddrinfo 755A6737 5 Bytes JMP 0039000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] WS2_32.dll!send 755AC4C8 5 Bytes JMP 0037000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3704] WS2_32.dll!gethostbyname 755B7133 5 Bytes JMP 0038000A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[3740] KERNEL32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\atieclxx.exe[3936] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\windows\system32\atieclxx.exe[3936] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\windows\system32\atieclxx.exe[3936] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\atieclxx.exe[3936] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00200A08
.text C:\windows\system32\atieclxx.exe[3936] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002003FC
.text C:\windows\system32\atieclxx.exe[3936] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00200804
.text C:\windows\system32\atieclxx.exe[3936] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002001F8
.text C:\windows\system32\atieclxx.exe[3936] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00200600
.text C:\windows\system32\NOTEPAD.EXE[4132] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000A03FC
.text C:\windows\system32\NOTEPAD.EXE[4132] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000A01F8
.text C:\windows\system32\NOTEPAD.EXE[4132] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\NOTEPAD.EXE[4132] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00150A08
.text C:\windows\system32\NOTEPAD.EXE[4132] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001503FC
.text C:\windows\system32\NOTEPAD.EXE[4132] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00150804
.text C:\windows\system32\NOTEPAD.EXE[4132] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001501F8
.text C:\windows\system32\NOTEPAD.EXE[4132] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00150600
.text C:\windows\system32\wbem\wmiprvse.exe[4140] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\wmiprvse.exe[4140] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\wmiprvse.exe[4140] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[4140] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00100A08
.text C:\windows\system32\wbem\wmiprvse.exe[4140] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001003FC
.text C:\windows\system32\wbem\wmiprvse.exe[4140] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00100804
.text C:\windows\system32\wbem\wmiprvse.exe[4140] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001001F8
.text C:\windows\system32\wbem\wmiprvse.exe[4140] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00100600
.text C:\windows\system32\svchost.exe[4212] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[4212] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[4212] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\svchost.exe[4212] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00270A08
.text C:\windows\system32\svchost.exe[4212] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002703FC
.text C:\windows\system32\svchost.exe[4212] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00270804
.text C:\windows\system32\svchost.exe[4212] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002701F8
.text C:\windows\system32\svchost.exe[4212] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00270600
.text C:\windows\system32\NOTEPAD.EXE[4260] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\NOTEPAD.EXE[4260] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\NOTEPAD.EXE[4260] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\NOTEPAD.EXE[4260] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00090A08
.text C:\windows\system32\NOTEPAD.EXE[4260] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000903FC
.text C:\windows\system32\NOTEPAD.EXE[4260] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00090804
.text C:\windows\system32\NOTEPAD.EXE[4260] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000901F8
.text C:\windows\system32\NOTEPAD.EXE[4260] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00090600
.text C:\windows\system32\svchost.exe[4268] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[4268] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[4268] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\svchost.exe[4268] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 008D0A08
.text C:\windows\system32\svchost.exe[4268] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 008D03FC
.text C:\windows\system32\svchost.exe[4268] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 008D0804
.text C:\windows\system32\svchost.exe[4268] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 008D01F8
.text C:\windows\system32\svchost.exe[4268] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 008D0600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4388] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4388] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4388] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4388] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4388] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4388] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4388] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4388] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 001F0600
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[4448] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[4448] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[4448] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[4448] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00180A08
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[4448] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001803FC
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[4448] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00180804
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[4448] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001801F8
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[4448] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00180600
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4628] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4628] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4628] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4628] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 002F0A08
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4628] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002F03FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4628] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 002F0804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4628] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002F01F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4628] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 002F0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[4732] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[4732] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[4732] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[4732] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[4732] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002003FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[4732] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00200804
.text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[4732] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002001F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe[4732] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00200600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4828] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4828] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4828] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4828] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4828] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001003FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4828] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00100804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4828] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001001F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4828] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00100600
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[4884] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[4884] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[4884] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[4884] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[4884] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001F03FC
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[4884] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 001F0804
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[4884] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001F01F8
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[4884] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 6C7583AA C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!CallNextHookEx 75E4CC8F 5 Bytes JMP 6C739D94 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!CreateWindowExW 75E50E51 5 Bytes JMP 6C748187 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 6C6F460B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!DialogBoxIndirectParamW 75E74AA7 5 Bytes JMP 6C870240 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!DialogBoxParamW 75E7564A 5 Bytes JMP 6C664B87 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00230600
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!DialogBoxParamA 75E8CF6A 5 Bytes JMP 6C8701DD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!DialogBoxIndirectParamA 75E8D29C 5 Bytes JMP 6C8702A3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!MessageBoxIndirectA 75E9E8C9 5 Bytes JMP 6C870172 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!MessageBoxIndirectW 75E9E9C3 5 Bytes JMP 6C870107 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!MessageBoxExA 75E9EA29 5 Bytes JMP 6C8700A5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!MessageBoxExW 75E9EA4D 5 Bytes JMP 6C870043 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] ole32.dll!OleLoadFromStream 76025BF6 5 Bytes JMP 6C87059E C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] ole32.dll!CoCreateInstance 7607590C 5 Bytes JMP 6C748C75 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] WININET.dll!HttpAddRequestHeadersA 76F29ABA 5 Bytes JMP 016A6A90
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] WININET.dll!HttpAddRequestHeadersW 76F30848 5 Bytes JMP 016A6C90
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] WS2_32.dll!closesocket 755A3BED 5 Bytes JMP 0192000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] WS2_32.dll!recv 755A47DF 5 Bytes JMP 0047000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] WS2_32.dll!connect 755A48BE 5 Bytes JMP 0048000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] WS2_32.dll!getaddrinfo 755A6737 5 Bytes JMP 01B9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] WS2_32.dll!send 755AC4C8 5 Bytes JMP 0193000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] WS2_32.dll!gethostbyname 755B7133 5 Bytes JMP 01B8000A
.text C:\windows\System32\svchost.exe[4952] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[4952] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[4952] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\System32\svchost.exe[4952] user32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00200A08
.text C:\windows\System32\svchost.exe[4952] user32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002003FC
.text C:\windows\System32\svchost.exe[4952] user32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00200804
.text C:\windows\System32\svchost.exe[4952] user32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002001F8
.text C:\windows\System32\svchost.exe[4952] user32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00200600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5304] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5304] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5304] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5304] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00220A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5304] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002203FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5304] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00220804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5304] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002201F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[5304] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00220600
.text C:\windows\system32\taskeng.exe[5436] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\taskeng.exe[5436] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\taskeng.exe[5436] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\system32\taskeng.exe[5436] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 000F0A08
.text C:\windows\system32\taskeng.exe[5436] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 000F03FC
.text C:\windows\system32\taskeng.exe[5436] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 000F0804
.text C:\windows\system32\taskeng.exe[5436] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 000F01F8
.text C:\windows\system32\taskeng.exe[5436] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 000F0600
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[5548] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[5548] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[5548] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[5548] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 003A0A08
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[5548] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 003A03FC
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[5548] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 003A0804
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[5548] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 003A01F8
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[5548] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 003A0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5828] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5828] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5828] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5828] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00380A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5828] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 003803FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5828] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00380804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5828] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 003801F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5828] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00380600
.text C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe[5836] KERNEL32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\System32\svchost.exe[6012] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[6012] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[6012] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\windows\System32\svchost.exe[6012] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 00200A08
.text C:\windows\System32\svchost.exe[6012] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 002003FC
.text C:\windows\System32\svchost.exe[6012] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 00200804
.text C:\windows\System32\svchost.exe[6012] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 002001F8
.text C:\windows\System32\svchost.exe[6012] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00200600
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] ntdll.dll!LdrUnloadDll 771ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] ntdll.dll!LdrLoadDll 771AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] kernel32.dll!GetBinaryTypeW + 70 75D77984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!CreateDialogParamW 75E49BFF 5 Bytes JMP 6C69C580 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!EnableWindow 75E4A72E 5 Bytes JMP 6C69C4FB C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!GetAsyncKeyState 75E4C09A 5 Bytes JMP 6C65D6D1 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!UnhookWindowsHookEx 75E4CC7B 5 Bytes JMP 6C7583AA C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!CallNextHookEx 75E4CC8F 5 Bytes JMP 6C739D94 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!UnhookWinEvent 75E4D924 5 Bytes JMP 001303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!CreateWindowExW 75E50E51 5 Bytes JMP 6C748187 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!SetWindowsHookExW 75E5210A 5 Bytes JMP 6C6F460B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!GetKeyState 75E54FDA 5 Bytes JMP 6C69D772 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!SetWinEventHook 75E5507E 5 Bytes JMP 001301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!IsDialogMessageW 75E56F06 5 Bytes JMP 6C664264 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!CreateDialogParamA 75E63E79 5 Bytes JMP 6C870E41 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!IsDialogMessage 75E6407A 5 Bytes JMP 6C8706E2 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!CreateDialogIndirectParamA 75E69110 5 Bytes JMP 6C870E78 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!CreateDialogIndirectParamW 75E708AD 5 Bytes JMP 6C870EAF C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!DialogBoxIndirectParamW 75E74AA7 5 Bytes JMP 6C870240 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!EndDialog 75E7555C 5 Bytes JMP 6C665AC9 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!DialogBoxParamW 75E7564A 5 Bytes JMP 6C664B87 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!SetKeyboardState 75E76B52 5 Bytes JMP 6C870A47 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!SetWindowsHookExA 75E76DFA 5 Bytes JMP 00130600
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!SendInput 75E77055 5 Bytes JMP 6C87160C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!SetCursorPos 75E8C1D8 5 Bytes JMP 6C871664 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!DialogBoxParamA 75E8CF6A 5 Bytes JMP 6C8701DD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!DialogBoxIndirectParamA 75E8D29C 5 Bytes JMP 6C8702A3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!MessageBoxIndirectA 75E9E8C9 5 Bytes JMP 6C870172 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!MessageBoxIndirectW 75E9E9C3 5 Bytes JMP 6C870107 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!MessageBoxExA 75E9EA29 5 Bytes JMP 6C8700A5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!MessageBoxExW 75E9EA4D 5 Bytes JMP 6C870043 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] USER32.dll!keybd_event 75E9EC9B 5 Bytes JMP 6C871997 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] SHELL32.dll!SHChangeNotification_Lock + 45BA 762BB440 4 Bytes [11, 36, CD, 6F] {ADC [ESI], ESI; INT 0x6f}
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] SHELL32.dll!SHChangeNotification_Lock + 45C2 762BB448 8 Bytes [5F, 35, CD, 6F, D0, 73, CC, ...] {POP EDI; XOR EAX, 0x73d06fcd; INT 3 ; OUTSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] ole32.dll!OleLoadFromStream 76025BF6 5 Bytes JMP 6C87059E C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] ole32.dll!CoCreateInstance 7607590C 5 Bytes JMP 6C748C75 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] WININET.dll!HttpAddRequestHeadersA 76F29ABA 5 Bytes JMP 016B6A90
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] WININET.dll!HttpAddRequestHeadersW 76F30848 5 Bytes JMP 016B6C90
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] WS2_32.dll!closesocket 755A3BED 5 Bytes JMP 0051000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] WS2_32.dll!recv 755A47DF 5 Bytes JMP 004F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] WS2_32.dll!connect 755A48BE 5 Bytes JMP 0050000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] WS2_32.dll!getaddrinfo 755A6737 5 Bytes JMP 0054000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] WS2_32.dll!send 755AC4C8 5 Bytes JMP 0052000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6108] WS2_32.dll!gethostbyname 755B7133 5 Bytes JMP 0053000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 868DE1ED
Device \Driver\atapi \Device\Ide\IdePort0 868DE1ED
Device \Driver\atapi \Device\Ide\IdePort1 868DE1ED
Device \Driver\atapi \Device\Ide\IdePort2 868DE1ED
Device \Driver\atapi \Device\Ide\IdePort3 868DE1ED
Device \Driver\atapi \Device\Ide\IdePort4 868DE1ED
Device \Driver\atapi \Device\Ide\IdePort5 868DE1ED
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 868DE1ED

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Threads - GMER 1.0.15 ----

Thread System [4:212] 868E2E7A
Thread System [4:216] 868E5008

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r34 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 37888 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{254268a9-a4af-11e0-b935-001e33f784a2}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{254268a9-a4af-11e0-b935-001e33f784a2}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{254268a9-a4af-11e0-b935-001e33f784a2}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf 15754 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 474 bytes

---- EOF - GMER 1.0.15 ----

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:19 PM

Posted 08 July 2011 - 02:32 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:19 PM

Posted 10 July 2011 - 11:09 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:19 PM

Posted 14 July 2011 - 02:42 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users